Getting a certain filename onto your computer doesn't sound like a hard problem. Just send them a mail with an attachment of "398rgf90rej243rf.htm" that their email client helpfully extracts for them, or have a file with that name in their web cache when they browse the internet.
Why would you need to trick someone into saving a file with a particular name? You already have malware running on their machine!
Seems much more likely that the check is there to confirm that the payload only runs on specific targets. And, perhaps more importantly, to make recovery and dissection of the payload very difficult for someone without access to the target(s).
If you are a virus and you are too obvious, you are quickly found and and eliminated by the "immune" system. So it is import to stay low on hosts where there is no benefit in attacking and only using them for vectors of infection and only go into full blown activation mode when some specific trigger is found.
I was thinking that this program is the bomb, but it's waiting for a trigger. Having a file with a certain name appear on the machine would be that trigger.
I would guess it shouldn't be planted it is expecting it to be there. Chances are that is an Arabic name for some program from Siemmens or something like that. Or the name of the a rich bank client used to connect to a Swiss bank or something of that sort.
The key is of course is to lay low and undetected until that trigger fires, otherwise, anti-virus companies will blow the whistle.
